Securing user-created content

To prevent cross-site scripting attacks (XSS), user content—such as Jupyter Notebooks—can be served from a separate domain.

To enable this:

  1. Configure the project to use a separate content domain:

    anaconda-server-config --set SERVER_NAME your.anaconda.repository
    anaconda-server-config --set USER_CONTENT_DOMAIN your.usercontent.server
    

NOTE: Replace your.anaconda.repository and your.usercontent.server with the respective server IP address or domain name.

  2. If your user content domain is a subdomain of your Repository domain, you must also configure the session cookie to be sent only to the root domain:

    anaconda-server-config --set SERVER_NAME your.anaconda.repository
    anaconda-server-config --set USER_CONTENT_DOMAIN usercontent.your.anaconda.repository
    anaconda-server-config --set SESSION_COOKIE_DOMAIN your.anaconda.repository
    

NOTE: Replace your.anaconda.repository and usercontent.your.anaconda.repository with the respective server IP address or domain name.
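
The following is an added example, not part of the Anaconda tooling. It prints the commands above for a given pair of hostnames and includes the SESSION_COOKIE_DOMAIN line only when the content domain is a true subdomain of the Repository domain. The function names are hypothetical and the hostnames are the page's placeholders.

```shell
#!/bin/sh
# Added example: prints the anaconda-server-config commands from this page
# for a pair of hostnames. Function names are hypothetical.

# Lowercase the host and drop a trailing dot.
normalize_host() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Succeeds only if CHILD ($1) sits below PARENT ($2) on a label boundary,
# so "evilyour.anaconda.repository" is not under "your.anaconda.repository".
is_subdomain() {
    child=$(normalize_host "$1")
    parent=$(normalize_host "$2")
    case "$parent" in
        *[!0-9.]*) ;;        # has a non-digit: treat as a DNS name
        *) return 1 ;;       # empty or IPv4 literal: no subdomains
    esac
    case "$child" in
        ?*".$parent") return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the commands for REPO ($1) and CONTENT ($2); nothing is executed.
content_domain_commands() {
    repo=$(normalize_host "$1")
    content=$(normalize_host "$2")
    if [ -z "$repo" ] || [ -z "$content" ] || [ "$repo" = "$content" ]; then
        echo "error: need two different hostnames" >&2
        return 1
    fi
    # The output is meant to be pasted into a shell: allow hostname chars only.
    case "$repo$content" in
        *[!a-z0-9.:-]*) echo "error: unexpected character in hostname" >&2
                        return 1 ;;
    esac
    echo "anaconda-server-config --set SERVER_NAME $repo"
    echo "anaconda-server-config --set USER_CONTENT_DOMAIN $content"
    if is_subdomain "$content" "$repo"; then
        echo "anaconda-server-config --set SESSION_COOKIE_DOMAIN $repo"
    fi
}

# Constructed placeholder hostnames, as used on this page.
content_domain_commands your.anaconda.repository usercontent.your.anaconda.repository
```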